vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(3)
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
vhci_hcd: connection closed
==================================================================
BUG: KASAN: null-ptr-deref in atomic_inc include/asm-generic/atomic-instrumented.h:109 [inline]
BUG: KASAN: null-ptr-deref in kthread_stop+0x72/0x6b0 kernel/kthread.c:558
Write of size 4 at addr 000000000000001c by task kworker/u4:0/7
CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 4.19.162-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: usbip_event event_handler
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1fc/0x2fe lib/dump_stack.c:118
kasan_report_error.cold+0x15b/0x1c7 mm/kasan/report.c:352
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
kasan_report+0x8f/0x96 mm/kasan/report.c:412
atomic_inc include/asm-generic/atomic-instrumented.h:109 [inline]
kthread_stop+0x72/0x6b0 kernel/kthread.c:558
vhci_shutdown_connection+0x14e/0x280 drivers/usb/usbip/vhci_hcd.c:1021
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
event_handler+0x1f0/0x4f0 drivers/usb/usbip/usbip_event.c:78
process_one_work+0x864/0x1570 kernel/workqueue.c:2155
worker_thread+0x64c/0x1130 kernel/workqueue.c:2298
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
kthread+0x33f/0x460 kernel/kthread.c:259
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
==================================================================
ptrace attach of "/root/syz-executor.2"[9666] was attempted by "/root/syz-executor.2"[9670]
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
vhci_hcd: vhci_device speed not set
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
usb 11-2: new full-speed USB device number 2 using vhci_hcd
TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
ptrace attach of "/root/syz-executor.2"[9694] was attempted by "/root/syz-executor.2"[9698]
wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
audit: type=1400 audit(1607443350.082:2): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name=3A2626401837BFD7C6BD7DBADA78A29906105F28AC5A8C801E9437C70D9F781521BB848F5D4A9F20E0E564A1D3F07E10F5A32926CEE761AF19714C556AEC4A93AF0218FA4DBBA84BF34E916B6AFEAD8685A6D61AA2FA388BCB0FEFB9ED99B14B2BEAF9A45A0954C4EECF8EE0B6F052B9DB86A3256FA72991BB9B40080C61E79D048A6D30059BD08206D5D467083A pid=9695 comm="syz-executor.0"
IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
vhci_hcd: connection closed